Keycloak MCP Server
Automate Keycloak user and realm management in FlowHunt with the Keycloak MCP Server, streamlining authentication tasks via AI-powered interfaces.
What does “Keycloak” MCP Server do?
The Keycloak MCP (Model Context Protocol) Server is a specialized tool that enables AI-powered administration of Keycloak users and realms. Acting as a bridge between AI assistants and Keycloak, it allows external clients (like Claude Desktop and other MCP-compatible platforms) to automate user and realm management tasks. Through the MCP interface, developers can perform user creation, deletion, realm listing, and user listing operations seamlessly. This enhances development and DevOps workflows by allowing AI agents to interact programmatically with authentication and user management infrastructure, making routine administrative tasks more efficient and reducing manual overhead.
List of Prompts
No prompt templates are mentioned in the repository.
List of Resources
No explicit resources are documented in the repository.
List of Tools
create-user
Creates a new user in a specified realm.
Inputs: realm, username, email, firstName, lastNamedelete-user
Deletes a user from a specified realm.
Inputs: realm, userIdlist-realms
Lists all available Keycloak realms.list-users
Lists all users in a specified realm.
Inputs: realm
Use Cases of this MCP Server
- Automated User Provisioning
Developers or DevOps engineers can automate the creation of new users across different realms, reducing manual intervention and ensuring consistent onboarding processes. - Bulk User Management
Easily list or remove users in specific realms, making it suitable for managing large-scale environments with multiple user accounts. - Realm Administration
Quickly retrieve the list of all available realms, facilitating multi-tenant or multi-environment scenarios where management across realms is required. - Integration with AI Agents
Allow AI assistants to handle repetitive Keycloak administrative tasks, such as creating test users for QA or cleaning up demo environments after testing. - Self-Service Portals
Enable end-users or support teams to perform routine user management actions via AI interfaces, improving response times and reducing support workload.
How to set it up
Windsurf
- Ensure Node.js is installed on your system.
- Locate your Windsurf configuration file.
- Add the Keycloak MCP Server using the following JSON snippet:
{ "mcpServers": { "keycloak": { "command": "npx", "args": ["-y", "keycloak-model-context-protocol"], "env": { "KEYCLOAK_URL": "http://localhost:8080", "KEYCLOAK_ADMIN": "admin", "KEYCLOAK_ADMIN_PASSWORD": "admin" } } } } - Save the configuration and restart Windsurf.
- Verify the setup by checking if Windsurf can connect to the Keycloak MCP Server.
Claude
- Ensure Node.js is installed.
- Open your Claude Desktop configuration file.
- Insert the following configuration under
mcpServers:{ "mcpServers": { "keycloak": { "command": "npx", "args": ["-y", "keycloak-model-context-protocol"], "env": { "KEYCLOAK_URL": "http://localhost:8080", "KEYCLOAK_ADMIN": "admin", "KEYCLOAK_ADMIN_PASSWORD": "admin" } } } } - Save the file and restart Claude Desktop.
- Confirm connectivity to the Keycloak MCP Server.
Cursor
- Make sure Node.js is set up.
- Find and open the Cursor configuration file.
- Add the Keycloak MCP Server details:
{ "mcpServers": { "keycloak": { "command": "npx", "args": ["-y", "keycloak-model-context-protocol"], "env": { "KEYCLOAK_URL": "http://localhost:8080", "KEYCLOAK_ADMIN": "admin", "KEYCLOAK_ADMIN_PASSWORD": "admin" } } } } - Save the configuration and restart Cursor.
- Check for a successful connection.
Cline
- Install Node.js if not already present.
- Access the Cline configuration file.
- Add the following MCP Server configuration:
{ "mcpServers": { "keycloak": { "command": "npx", "args": ["-y", "keycloak-model-context-protocol"], "env": { "KEYCLOAK_URL": "http://localhost:8080", "KEYCLOAK_ADMIN": "admin", "KEYCLOAK_ADMIN_PASSWORD": "admin" } } } } - Save changes and restart Cline.
- Verify that Cline recognizes the Keycloak MCP Server.
Securing API Keys
It is recommended to use environment variables for sensitive information like admin credentials. Example configuration:
{
"mcpServers": {
"keycloak": {
"command": "npx",
"args": ["-y", "keycloak-model-context-protocol"],
"env": {
"KEYCLOAK_URL": "http://localhost:8080",
"KEYCLOAK_ADMIN": "${KEYCLOAK_ADMIN}",
"KEYCLOAK_ADMIN_PASSWORD": "${KEYCLOAK_ADMIN_PASSWORD}"
}
}
}
}
Set the environment variables KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD securely in your system before starting the application.
How to use this MCP inside flows
Using MCP in FlowHunt
To integrate MCP servers into your FlowHunt workflow, start by adding the MCP component to your flow and connecting it to your AI agent:
Click on the MCP component to open the configuration panel. In the system MCP configuration section, insert your MCP server details using this JSON format:
{
"keycloak": {
"transport": "streamable_http",
"url": "https://yourmcpserver.example/pathtothemcp/url"
}
}
Once configured, the AI agent is now able to use this MCP as a tool with access to all its functions and capabilities. Remember to change “keycloak” to whatever the actual name of your MCP server is and replace the URL with your own MCP server URL.
Overview
| Section | Availability | Details/Notes |
|---|---|---|
| Overview | ✅ | |
| List of Prompts | ⛔ | None found |
| List of Resources | ⛔ | None found |
| List of Tools | ✅ | User and realm management tools |
| Securing API Keys | ✅ | Uses env variables |
| Sampling Support (less important in evaluation) | ⛔ | Not mentioned |
Based on the available documentation and features, the Keycloak MCP Server provides solid foundational tools for Keycloak administration, but lacks advanced MCP features like prompt templates, explicit resources, or sampling support. Its main value lies in straightforward user/realm management via AI interfaces.
MCP Score
| Has a LICENSE | ⛔ |
|---|---|
| Has at least one tool | ✅ |
| Number of Forks | 9 |
| Number of Stars | 22 |
Overall Rating:
I would rate this MCP server a 5/10. It offers essential, well-documented Keycloak administration tools but is missing advanced MCP features and has no LICENSE file, which limits its adoption and extensibility.
Frequently asked questions
- What is the Keycloak MCP Server?
The Keycloak MCP Server is a tool that allows AI assistants and external clients to programmatically manage Keycloak users and realms. It provides automated interfaces for user creation, deletion, realm listing, and more, streamlining authentication workflows.
- Which Keycloak management operations are supported?
It supports creating users, deleting users, listing all realms, and listing users in a given realm—covering essential administration tasks.
- Can I use the Keycloak MCP Server with FlowHunt?
Yes, simply add the MCP component to your FlowHunt flow and configure the Keycloak MCP endpoint. Your AI agents will then be able to automate user and realm management tasks seamlessly.
- How should I secure my Keycloak admin credentials?
It’s strongly recommended to store sensitive information such as admin credentials in environment variables. Configure your MCP server to use these variables to enhance security and prevent accidental exposure.
- What are typical use cases for this server?
Automated user provisioning, bulk user management, realm administration, AI-driven authentication workflows, and enabling self-service user management portals for support teams or end-users.
Boost Keycloak Administration with FlowHunt's Keycloak MCP Server
Streamline user and realm management tasks with FlowHunt’s Keycloak MCP Server and let your AI agent handle routine authentication administration.
Learn more
